Snort mailing list archives

Re: rules

From: Arvind Clemente <arvind () controlnet co in>
Date: Fri, 30 Nov 2001 17:54:28 +0530

Hi John
    Thnx for you time. What i meant was the rulset you get on Maxvision
and default snortruleset, which of this is beetter......meaning updation
of rules. support etc...... I am using Snort 1.8.2 on linux 2.2.20 as an
IDS for my enterprise.

rgds

Arvind

John Sage wrote:

Arvind:

Probably an impossible question to really answer.

What do you mean, "better"?

Depending on what version you're using (latest is 1.8.3 on *n(i|u)x, I
believe..) I would think the rules that come with the latest distro are
more current, as I don't know who's maintaining the Vision rules these
days...

What are you trying to accomplish?

In what context are you running snort?

What platform?

etc etc etc...

- John

Arvind Clemente wrote:

Hello Everybody,
    I am a newbie in snort and want to ask which rulessets are better
Maxvision or Default snort rulesets.

Thanks in Advance

Rgds
Arvind Clemente



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


--
John Sage
FinchHaven, Vashon Island, WA, USA
http://www.finchhaven.com/
mailto:jsage () finchhaven com



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

rules Arvind Clemente (Nov 29)
- Re: rules John Sage (Nov 29)
  - Re: rules Arvind Clemente (Nov 30)
    - Re: rules John Sage (Nov 30)
- Re: rules Michael Boman (Nov 29)